
CVE-2022-0543 – Debian-specific Redis Server Lua Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2022-0543
18 Feb 2022 — It was discovered that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. ... Redis is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. • https://packetstorm.news/files/id/166885 • CWE-862: Missing Authorization •

CVE-2021-3947 – Gentoo Linux Security Advisory 202208-27
https://notcve.org/view.php?id=CVE-2021-3947
18 Feb 2022 — A malicious user could use this flaw, leading to a disclosure of confidential information. Multiple vulnerabilities have been discovered in QEMU, the worst of which could result in remote code execution (guest sandbox escape). • https://bugzilla.redhat.com/show_bug.cgi?id=2021869 • CWE-125: Out-of-bounds Read •

CVE-2021-42952 – Zepl Notebook Sandbox Escape
https://notcve.org/view.php?id=CVE-2021-42952
17 Feb 2022 — Zepl Notebooks before 2021-10-25 are affected by a sandbox escape vulnerability. ... Zepl Notebook suffers from a sandbox escape vulnerability. • http://zepl.com •

CVE-2022-25183 – workflow-cps-global-lib: Sandbox bypass vulnerability
https://notcve.org/view.php?id=CVE-2022-25183
15 Feb 2022 — Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the names of Pipeline libraries to create cache directories without any sanitization, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM using specially crafted library names if a global Pipeline library configured to use caching already exists. Jenkins Pipeline: Shared Groovy Libraries Plugin versions 552.vd9cc05b8a2e1 and earlier use the names of ... • https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2586 • CWE-179: Incorrect Behavior Order: Early Validation •

CVE-2022-25182 – workflow-cps-global-lib: Sandbox bypass vulnerability
https://notcve.org/view.php?id=CVE-2022-25182
15 Feb 2022 — A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller JVM using specially crafted library names if a global Pipeline library is already configured. • https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2422 • CWE-179: Incorrect Behavior Order: Early Validation •

CVE-2022-25181 – workflow-cps-global-lib: Sandbox bypass vulnerability
https://notcve.org/view.php?id=CVE-2022-25181
15 Feb 2022 — A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM through crafted SCM contents, if a global Pipeline library already exists. • https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2441 • CWE-179: Incorrect Behavior Order: Early Validation •

CVE-2021-23555 – Sandbox Bypass
https://notcve.org/view.php?id=CVE-2021-23555
11 Feb 2022 — The package vm2 before 3.9.6 is vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of stack traces, which can lead to execution of arbitrary code on the host machine. • https://github.com/patriksimek/vm2/commit/532120d5cdec7da8225fc6242e154ebabc63fe4d • CWE-562: Return of Stack Variable Address •

CVE-2022-0290 – Debian Security Advisory 5054-1
https://notcve.org/view.php?id=CVE-2022-0290
28 Jan 2022 — Use after free in Site isolation in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://packetstorm.news/files/id/166080 • CWE-416: Use After Free •

CVE-2022-23035 – Gentoo Linux Security Advisory 202208-23
https://notcve.org/view.php?id=CVE-2022-23035
25 Jan 2022 — At the same time, the pointers may be cleared (resulting in a NULL dereference) and freed (resulting in a use of previously freed memory), while other code would continue to assume they are valid. Multiple vulnerabilities have been discovered in Xen, the worst of which could result in remote code execution (guest sandbox escape). • http://www.openwall.com/lists/oss-security/2022/01/25/4 • CWE-459: Incomplete Cleanup •

CVE-2022-23034 – Gentoo Linux Security Advisory 202208-23
https://notcve.org/view.php?id=CVE-2022-23034
25 Jan 2022 — An overflow of the counters is detected, resulting in the triggering of a hypervisor bug check. Multiple vulnerabilities have been discovered in Xen, the worst of which could result in remote code execution (guest sandbox escape). • http://www.openwall.com/lists/oss-security/2022/01/25/3 • CWE-191: Integer Underflow (Wrap or Wraparound) •